Problems with values from paths other than the specified path

a86236df74eecab0f8a3 · March 4, 2019, 4:35am

hello.
I wanted to analyze log informatins in real time by receiving them from the Wi-Fi terminal. so I used rsyslog to get logs and saved them as /var/log/remote.log.

filebeat.yml
filebeat.inputs:

type: log
enabled: true
paths:
- /var/log/remote.log
  output.logstash:
  hosts: ["localhost:5043"]

logstash.conf
input {
beats {
port => "5043"
}
}

It is working. however there are two problems.

The value does not come in real time.
I set the path to /var/log/remote.log but the /var/log/syslog, /var/log/syslog3, /var/log/syslog4 logs are also included.

What should i do?

pierhugues · March 6, 2019, 4:12pm

The value does not come in real time.

Are you parsing the date of the events, if you don't parse the date of the original event it will use a default date and events will appear to be created in batch instead of real time.

I set the path to /var/log/remote.log but the /var/log/syslog, /var/log/syslog3, /var/log/syslog4 logs are also included.

Do you have any module enabled by default?

system · April 3, 2019, 4:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.